Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-15 | CVE-2022-20718 | OS Command Injection vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 7.2 |
| 2022-04-15 | CVE-2022-20719 | Path Traversal vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 7.2 |
| 2022-04-15 | CVE-2022-20720 | Link Following vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 7.2 |
| 2022-04-15 | CVE-2022-20723 | Path Traversal vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 7.2 |
| 2022-04-15 | CVE-2022-20726 | Improper Handling of Exceptional Conditions vulnerability in Cisco IOS Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 7.5 |
| 2022-04-15 | CVE-2022-20739 | Improper Privilege Management vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. | 7.3 |
| 2022-04-06 | CVE-2022-20754 | Unspecified vulnerability in Cisco Telepresence Video Communication Server Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. | 7.2 |
| 2022-04-06 | CVE-2022-20755 | Unspecified vulnerability in Cisco Telepresence Video Communication Server Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. | 7.2 |
| 2022-04-06 | CVE-2022-20756 | Unspecified vulnerability in Cisco Identity Services Engine A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. | 7.5 |
| 2022-04-06 | CVE-2022-20762 | Unspecified vulnerability in Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure 2020.02.2.0/2020.02.7.0 A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. | 7.8 |